Active Directory access over a NAT VPN tunnel

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory access over a NAT VPN tunnel

    Hello,

    Can anyone shed some light on my current dilemma?

    I have two class B networks. The primary network is 192.168.50/24 and houses the Win2000 AD root domain controller, DNS and WINS. The secondary network is also a 192.168.50/24 network and is connected to the primary network via a VPN tunnel. This tunnel performs a double NAT so the two networks can co-exist. This is a mirrored site configuration for a high availability application service.

    My problem is how to get machines on the secondary network to "see" the AD controller! I know that DNS is used to "find" the DCs in a Windows 2000 network; however, the IPs that are stored in DNS are "local" to the primary network. So when secondary network machines query DNS they get a local address, not the NAT'd address. I was playing with the AD Sites and Services tool, thinking that the configuration answer may be there, but all I have tried so far has not worked.

    I'm certain someone out there has had to set up a mirrored site such as this and I would really appreciate it if you could share the secret to making this work.

    Thanks in advance for your guidance.

    pdsitadmin

  • #2
    Re: Active Directory access over a NAT VPN tunnel

    As far as I know, this kind of setup is not supported.
    You might want to consider splitting the network into two 192.168.50/25 subnets fully routed instead of NAT-ing the link.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    • #3
      Re: Active Directory access over a NAT VPN tunnel

      > The secondary network is also a 192.168.50/24 network and is connected to the primary network via a VPN tunnel

      At first glance, this is impossible. You cannot have two identical subnets and route between them. I bet you cannot even ping from one side to the other. I think you need two different subnets.
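
The address overlap discussed in this thread, and the split into two /25 subnets suggested in reply #2, as an added example that is not part of any post. The site prefixes come from the thread; the DC name and all host addresses are constructed for illustration.

```python
import ipaddress

# Site prefixes are from the thread; host names and addresses are constructed.
PRIMARY = ipaddress.ip_network("192.168.50.0/24")
SECONDARY = ipaddress.ip_network("192.168.50.0/24")
DNS_A_RECORDS = {"dc1.example.local": "192.168.50.10"}  # hypothetical DC record
HOSTS = {  # hypothetical current addressing at each site
    "primary": ["192.168.50.10", "192.168.50.200"],
    "secondary": ["192.168.50.20", "192.168.50.130"],
}


def on_link_records(records, local_net):
    """Names whose A record lies inside the querying site's own subnet.

    A client sends traffic for such an address directly on its local segment
    instead of to the VPN gateway, so the remote DC is never reached.
    """
    return sorted(n for n, ip in records.items()
                  if ipaddress.ip_address(ip) in local_net)


def split_plan(net, hosts_by_site):
    """Give each site one half of net; list the hosts that need renumbering."""
    lower, upper = net.subnets(prefixlen_diff=1)
    plan = {"primary": lower, "secondary": upper}
    moves = {
        site: [h for h in hosts if ipaddress.ip_address(h) not in plan[site]]
        for site, hosts in hosts_by_site.items()
    }
    return plan, moves


if __name__ == "__main__":
    print("overlap today:", PRIMARY.overlaps(SECONDARY))
    print("unreachable from secondary:", on_link_records(DNS_A_RECORDS, SECONDARY))
    plan, moves = split_plan(PRIMARY, HOSTS)
    for site, net in plan.items():
        print(site, net, "renumber:", moves[site])
    print("unreachable after split:",
          on_link_records(DNS_A_RECORDS, plan["secondary"]))
```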